30.01.2026

The Hacker News 30.01.2026 04:43
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.
The critical-severity vulnerabilities are listed below –

CVE-2026-1281 (CVSS score:

Infosecurity Magazine 29.01.2026 16:50
The FBI outlines ten actions which organizations can take to defend networks against cybercriminal and nation-state threats

Infosecurity Magazine 29.01.2026 13:05
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”

Heise Security 29.01.2026 12:54
Softwareschwachstellen gefährden PCs mit Grafikkarten von Nvidia. Sicherheitspatches sind verfügbar.

CSO Online 29.01.2026 12:38
Two critical sandbox escape flaws in the popular n8n workflow automation platform are allowing authenticated users to achieve remote code execution on affected instances.
According to new JFrog findings, sandboxing safeguards meant to contain untrusted workflow logic can be bypassed, exposing enterprise automation environments to full host compromise. Enterprises that rely on n8n to orchestrate integrations, automate internal processes, and streamline cloud services and on-prem systems are at risk. JFrog’s researchers said n8n’s sandboxing mechanism can fail in specific configurations when users evaluate expressions or run custom scripts.

The Hacker News 29.01.2026 11:55
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats.
The findings are based on

Golem 29.01.2026 11:22
Das FBI hat ein vor allem an Ransomware-Hacker gerichtetes Cybercrime-Forum namens Ramp übernommen. Gründer war wohl ein alter Bekannter aus Russland. (Cybercrime, Server)

Heise Security 29.01.2026 11:15
Die Ticketing-Software SolarWinds Web Help Desk ist unter anderem über vier kritische Sicherheitslücken angreifbar.

CSO Online 29.01.2026 09:30
The security community has offered broad support for the creation of an EU-hosted vulnerability database as a means of reducing dependence on US databases.
However, some experts have expressed concerns that the potential fragmentation of security intelligence risks impeding rapid vulnerability identification and remediation.

CSO Online 29.01.2026 09:18
Der Gesetzesentwurf der Bundesregierung zum Schutz kritischer Infrastruktur reicht nach Meinung des Deutschen Städtetag nicht aus.
Der Deutsche Städtetag hält den zur Abstimmung im Bundestag anstehenden Vorschlag der Koalition zum Schutz kritischer Infrastruktur für unzureichend. Der Entwurf von Union und SPD sieht für Unternehmen der kritischen Infrastruktur wie etwa große Energieversorger oder Verkehrsunternehmen strengere Verpflichtungen zum Schutz ihrer Anlagen vor. Vorgesehen sind neben Zugangsbeschränkungen und anderen praktischen Maßnahmen auch eine Pflicht zur Meldung sicherheitsrelevanter Vorfälle sowie Bußgelder bei Regelverstößen. 

The Hacker News 29.01.2026 09:00
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).
The list of vulnerabilities is as follows –

CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated

Heise Security 29.01.2026 08:36
Die JavaScript-Sandbox vm2 für Node.js war eigentlich beendet. Nun schließt ein Update eine kritische Sicherheitslücke.